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Art Unit: 2136 

DETAILED ACTION 
Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form 
the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

Claims 1, 3-4, 6, 8-9, 12, 14-15, 17, 19-20, 23, 25-26, 28, 30-31, 34, 36-37, 39, 41-42, 
45, 47-48, are rejected under 35 U.S.C. 102(e) as being anticipated by Torrubia-Saez, 
US Patent No. 6,966,002, hereinafter Saez. 

As per claim 1, 6, 12, 17, 23, 28, 34, 39, 45, 47, 48 Saez teaches: 

A method for enrolling for receipt of one or more obfuscated application programs, the method 
comprising: 

issuing an enrollment request comprising a target ID ["system identification information"], said enrollment 

request for receipt of one or more obfuscated application programs ["software product] controlled by an 

application program provider /"serve/7, said target ID specifying a user device ["components of the 

users's computer"] configured to execute said one or more obfuscated application programs; 

[see col. 18, lines 6-9] "the server sends a software product, which is either an executable object 
or a data object, to the user's computer, in response to a request sent to the server from the 
user's computer." 

[see col. 18] "In response to input from the user, an access control executable portion of the 
software product (if an executable object) or of the driver executable (if the software product is a 
data object) causes the user's computer to transmit a purchase request for partial or full access to 
the software product, and the server receives the purchase request. Step 1240 follows, at which 
the server sends to the user's computer a program which generates system identification 
information based on data that is specific to the user's computer. For example, the data used to 
generate the system identification information may include serial numbers of such components of 
the user's computer as the hard disk, the network interface card, the motherboard, and so forth. 
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The user's computer then sends to the server the resulting system identification information, as 
well as information, such as a credit card number, which is required to complete the transaction. 
This information is received at the server, as indicated at step 1250. Following step 1250 is step 
1260, at which the server validates the credit card information and generates a decryption key 
and/or a decryption executable program on the basis of the system identification information 
received from, and specific to, the user's computer" 

obtaining a secret in response to said issuing; and 

[see col. 18, lines 49-51] a The decryption key and/or decryption executable program are then 
transmitted to the user's computer from the server, as indicated at step 1270. " 

associating said secret with said application program provider, said secret for use in executing said one 

or more obfuscated application programs received from said application program provider. 

[see col. 18, lines 52-55] u The decryption key and/or decryption executable program are then 
used in the user's computer to decrypt the software object to which the user has just purchased 
usage rights. " 



As per claim 3, 14, 25, 36, Saez teaches: 

A method for enrolling for receipt of one or more obfuscated application programs, the method 
comprising: 

receiving an enrollment request comprising a target ID, said enrollment request for access by a user 

device to one or more obfuscated application programs, said target ID specifying said user device, said 

user device configured to execute said one or more obfuscated application programs; 

[see rejection of claim 1] 

determining a secret in response to said request; associating said secret with said target ID; and 

[see rejection of claim 1, "the server validates the credit card information and generates a 
decryption key and/or a decryption executable program on the basis of the system identification 
information received from, and specific to, the user's computer. 11 ] 

transferring said secret to said user device. 

[see col. 18, lines 49-51] "The decryption key and/or decryption executable program are then 
transmitted to the user's computer from the server, as indicated at step 1270." 



As per claim 4, 15, 26, 37, Saez teaches: 

The method of claim 3 wherein said determining and said transferring form part of a key exchange 
protocol. 



Application/Control Number: 10/672,698 Page 4 

Art Unit: 2136 

[see rejection of claim 3, wherein the generating and transmitting of the decryption key are 
considered as forming part of a key exchange protocol.] 

As per claim 8, 19, 30, 41, Saez teaches: 

A method for application program obfuscation, the method comprising: 

determining a current obfuscation method based at least in part on a target ID, said target ID specifying a 

user device configured to execute said obfuscated application program; 

[see rejection of claim 1] "the server validates the credit card information and generates a decryption 
key and/or a decryption executable program on the basis of the system identification information 
received from, and specific to, the user's computer. 11 

The decryption key that will be generated is based in part on the payment authorized by user's credit card as 
well as system identification information. Depending on the amount of payment, user will be 
authorized to use certain portions/versions of the software product The appropriate decryption 
key will be generated allowing user access to said portions. 

creating an obfuscated application program based at least in part on said current obfuscation method; 

and 

[see col. 3] "a software package is provided, comprising: a software object having a first set of 
features and a second set of features, the first set of features being encrypted and the second set 
of features being unencrypted; and a signature readable by a predetermined executable serving 
to control access to the encrypted first set of features." 

sending said obfuscated application program to said user device. 

[see rejection of claim 1] 

As per claim 9, 20, 31, 42, Saez teaches: 

The method of claim 8, further comprising receiving an application program request from said user 
device, said determining occurring in response to said receiving. 

[see rejection of claim 1, wherein the decryption key is generated after the user requests the 

software product] 
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Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claims 2, 5, 7, 13, 16, 18, 24, 27, 29, 35, 38, 40, 46, are rejected under 35 U.S.C. 

103(a) as being unpatentable over Saez. 

As per claim 2, 5, 7, 13, 16, 18, 24, 27, 29, 35, 38, 40, 46, Saez teaches: 

The method of claim 1 wherein said user device comprises a virtual machine (VM); and said target ID 
comprises a VM ID. 

As is well known in the art, a virtual machine is a piece of computer software that isolates the 
application being used by the user from the computer. Because versions of the virtual machine are written 
for various computer platforms, any application written for the virtual machine can be operated on any of 
the platforms, instead of having to produce separate versions of the application for each computer and 
operating system. 

The Saez reference has been discussed above. Saez does not explicitly teach that the user's 
device comprises a virtual machine. Virtual machines are well known in the art. It would have been 
obvious at the time of the invention to one of ordinary skill in the art to which the subject matter pertains to 
modify the invention taught by Saez to include the use of virtual machines as user devices because it 
would allow the invention to be implemented in a platform-independent environment. Implementing 
virtual machines within the Saez invention facilitates the use of VM IDs. 
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Claims 10, 11, 21, 22, 32, 33, 43, 44, are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Saez as applied to claims 8-9 above, and further in view of Rusnak et 
al., US Patent No. 6,098,056. 

As per claim 10, 21, 32, 43: 

The method of claim 8 wherein said method further comprises, after said creating, applying a 

cryptographic process to said obfuscated application program together with a cryptographic key to create 

an encrypted obfuscated application program; and said sending comprises sending said encrypted 

obfuscated application program. 

The Saez reference has been discussed above. Saez does not teach applying a cryptographic 

process to the obfuscated application program to create an encrypted obfuscated application program. 

Rusnak teaches doubly encrypting a document encryption key (DEK) as seen below: 

[see col. 3] "After authentication, the server decrypts the DEK with its private key; encrypts the 
newly encrypted DEK with TIH's public key; encrypts the decrypted key with the client's public 
key; and returns the doubly encrypted DEK to the client" 

It would have been obvious at the time of the invention to one of ordinary skill in the art to modify 
the Saez invention to doubly encrypt the content being transmitted in order to authorize and authenticate 
both user and server, thus improving the overall security of the system. 

As per claim 11, 22, 33, 44: 

[see rejection of claim 2] 



Conclusion 

The following patents, pre-grant publications and NPL are cited to further show the state of the art 
with respect to secure distribution of digital content. 

US PGP No. 20040260933 which is cited to show a method of preventing tampering of programs. 
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US PGP No. 20020184618 which is cited to show a method for transparently transforming and 
executing applications. 

US Patent No. 6668325 which is cited to show obfuscation techniques for enhancing software 
security. 

US PGP No. 20030172270 which is cited to show a system for enabling content security in a 
distributed system. 

US Patent No. 7017188 which is cited to show a method for secure content delivery over 
broadband access networks. 

US Patent No. 6449721 which is cited to show a method of encrypting information for remote 
access while maintaining access control. 

US PGP No. 20030123664 which is cited to show secure delivery of encrypted digital content. 

Any response to this Office Action should be faxed to (571) 273-8300 or mailed to: 

Commissioner for Patents 
P.O. Box 1450 
Alexandria, VA 22313-1450 

Hand-delivered responses should be brought to 

Customer Service Window 
Randolph Building 
401 Dulaney Street 
Alexandria, VA 22314 

*. Any inquiry concerning this communication or earlier communications from the examiner should 

be directed to Daniel L. Hoang whose telephone number is 571-270-1019. The examiner can normally 

be reached on Monday - Thursday, 8:00 a.m. - 5:00 p.m., EST. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, 

Nasser Moazzami can be reached on 571-272-4195. The fax phone number for the organization where 

this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent Application 
Information Retrieval (PAIR) system. Status information for published applications may be 
obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR system, 
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see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 




Daniel L. Hoang 
1/19/07 



'/ 



